﻿// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.


using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using System.Collections.Generic;

namespace Chen.IdentityServer4
{
    public static class Config
    {
        public static IEnumerable<IdentityResource> IdentityResources =>
                   new IdentityResource[]
                   {
                        new IdentityResources.OpenId(),
                        new IdentityResources.Profile(),
                        new IdentityResources.Email(),
                        new IdentityResources.Phone(),
                        new IdentityResources.Address(),

                        //这个idnetity是在用户端点能获取到的claim
                        new IdentityResource("sex",new List<string>(){"sex"}),
                        new IdentityResource("city",new List<string>(){"city"}),
                        new IdentityResource("country",new List<string>(){"country"}),
                        new IdentityResource("headimgurl",new List<string>(){"headimgurl"}),
                        new IdentityResource("unionid",new List<string>(){"unionid"}),

                        new IdentityResource("id",new List<string>(){"id"}),
                        new IdentityResource("attributes",new List<string>(){"attributes","cn","departmentName","samlAuthenticationStatementAuthMethod","uid"}),


                   };

        public static IEnumerable<ApiScope> ApiScopes =>
            new ApiScope[]
            {
                new ApiScope("abp.read","abp framework api read",new List<string>(){ "AdminRole" }),
                new ApiScope("abp.write","abp framework api write",new List<string>(){ "user_level" }),
                new ApiScope("abp.pay","abp framework api pay"),

                new ApiScope("blog.read","blog api read"),
                new ApiScope("blog.write","blog api write",new List<string>(){ "user_level" }),
                new ApiScope("blog.pay","blog api pay"),

                new ApiScope("wxin.add","wxin api add",new List<string>(){ "claim1","claim2"}),
                new ApiScope("wxin.read","wxin api read",new List<string>(){ "claim3","claim4"}),
                new ApiScope("wxin.write","wxin api write",new List<string>(){ "claim15","claim6"}),

                new ApiScope("claim1","claim 1",new List<string>(){ "claim11","claim2"}),
                new ApiScope("claim2","claim 2",new List<string>(){ "claim15","claim6"}),

                new ApiScope("nickname"),
                //new ApiScope("sex",new List<string>(){ "sex"}),
                //new ApiScope("city"),
                //new ApiScope("country"),
                //new ApiScope("headimgurl"),
                //new ApiScope("unionid"),

                new ApiScope("AbpDemo"),
                new ApiScope("AbpDemo API"),
            };

        public static IEnumerable<ApiResource> ApiResources => new List<ApiResource>()
        {
            new ApiResource()
            {
                Name = "abpresource", DisplayName = "abp framework API",
                Scopes = new List<string>()
                {
                    "abp.read","abp.write","abp.pay"
                },

            },
            new ApiResource()
            {
                Name = "blogresource",
                DisplayName = "blog API",
                Scopes = new List<string>()
                {
                    "blog.read","blog.write","blog.pay"
                },

            },
             new ApiResource()
            {
                Name = "wxinresource",
                DisplayName = "wxin API",
                Scopes = new List<string>()
                {
                    "wxin.read","wxin.write","wxin.read","claim1","claim2",
                    "nickname","sex","city","country","headimgurl","unionid"
                },

            },
        };



        public static IEnumerable<Client> Clients =>
            new Client[]
            {
                new Client
                    {
                        ClientId="AbpDemo_Swagger",
                        ClientSecrets={new Secret("secret".Sha256()) },
                        AllowedScopes={ "AbpDemo","AbpDemo API", "nickname","claim1", IdentityServerConstants.StandardScopes.OfflineAccess},
                        AllowOfflineAccess=true,
                        AllowedGrantTypes=GrantTypes.Code,
                        RedirectUris=new List<string>(){ "http://192.168.149.171:5000/swagger/oauth2-redirect.html" },
                        RequirePkce=false,
                        AllowedCorsOrigins=new List<string>(){ "http://192.168.149.171:5000" },

                    },
                new Client
                    {
                        ClientId="ExamJsClient",
                        ClientSecrets={new Secret("secret".Sha256()) },
                        AllowedScopes={ "AbpDemo","AbpDemo API", "nickname","claim1", IdentityServerConstants.StandardScopes.OfflineAccess},
                        AllowOfflineAccess=true,
                        AllowedGrantTypes=GrantTypes.Code,
                        RedirectUris=new List<string>(){ "https://localhost:4001/#/CallBack" },
                        RequirePkce=true,
                        AllowedCorsOrigins=new List<string>(){ "https://localhost:4001", "http://localhost:5000", "https://localhost:5001" },
                    },

                new Client
                {
                    ClientId = "wxfamily",
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    //授权码模式
                    AllowedGrantTypes = GrantTypes.Code,
                    //需要确认授权
                    RequireConsent = true,
                    RequirePkce = false,
                    
                    //允许token通过浏览器
                    AllowAccessTokensViaBrowser=true,               
                    // where to redirect to after login(登录)
                    RedirectUris = { "http://localhost:5001/meidicallback/callback" },
                    // where to redirect to after logout(退出)
                    PostLogoutRedirectUris = { "http://localhost:5001/meidicallback/signout" },
                    //允许的范围
                    AllowedScopes = new List<string>
                    {
                        "claim1",
                        "claim2",
                        "wxin.read",
                        "wxin.write",
                        "wxin.add",
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email,
                        IdentityServerConstants.StandardScopes.Address,
                        "nickname",
                        "sex",
                        "country",
                        "headimgurl",
                        "unionid",
                        "id",
                        "attributes"
                    },
                    AlwaysIncludeUserClaimsInIdToken=true,
                },
                //code模式
                new Client
                    {
                        ClientId = "mvc",
                        ClientName="MVC Client",
                        ClientSecrets = { new Secret("secret".Sha256()) },

                        AllowedGrantTypes = GrantTypes.Code,

                        // where to redirect to after login
                        RedirectUris = { "https://localhost:5005/signin-oidc" },

                        // where to redirect to after logout
                        PostLogoutRedirectUris = { "https://localhost:5005/signout-callback-oidc" },
                        AllowOfflineAccess=true,
                        AllowedScopes = new List<string>
                        {
                            IdentityServerConstants.StandardScopes.OpenId,
                            IdentityServerConstants.StandardScopes.Profile,
                            IdentityServerConstants.StandardScopes.OfflineAccess
                        }
                    },
                //客户端模式 适用场景：用于和用户无关，服务与服务之间直接交互访问资源
                new Client
                    {
                        ClientId="apiclient",
                        ClientSecrets={new Secret("secret".Sha256()) },
                        AllowOfflineAccess=true,
                        AllowedScopes={ "blogresource", "Exam.Books", "blog.read","blog.write", "abpresource", "abp.read", "abp.write", IdentityServerConstants.StandardScopes.OfflineAccess},
                        AllowedGrantTypes=GrantTypes.Implicit
                    },
                //密码模式  用于当前的APP是专门为服务端设计的情况。
                new Client
                    {
                        ClientId="passwordclient",
                        ClientSecrets={new Secret("secret".Sha256()) },
                        AllowedScopes={ "blogresource", IdentityServerConstants.StandardScopes.OfflineAccess},
                        AllowOfflineAccess=true,
                        AllowedGrantTypes=GrantTypes.ResourceOwnerPassword,
                        RedirectUris=new List<string>(){ "https://localhost:44389/swagger/index.html" }

                    },

                // m2m client credentials flow client
                new Client
                {
                    ClientId = "smsclient",
                    ClientName = "sms sms Client",

                    AllowedGrantTypes =new List<string>{ "smsgrant"},
                    ClientSecrets = { new Secret("secret".Sha256()) },

                    AllowedScopes = { "blogresource" , IdentityServerConstants.StandardScopes.OfflineAccess }
                },
                //code模式
                new Client
                    {
                        ClientId = "cjjblog",
                        ClientName="cjjblog",
                        ClientSecrets = { new Secret("secret".Sha256()) },
                        AllowedCorsOrigins={"http://localhost:8090" },
                        AllowedGrantTypes = GrantTypes.Code,

                        RequireClientSecret=false,
                        RequireConsent=false,
                        // where to redirect to after login
                        RedirectUris = { "http://localhost:8090/callback" },
                        // where to redirect to after logout
                        PostLogoutRedirectUris = { "https://localhost:5005/signout-callback-oidc" },
                        AllowOfflineAccess=true,
                        AllowedScopes = new List<string>
                        {
                            IdentityServerConstants.StandardScopes.OpenId,
                            IdentityServerConstants.StandardScopes.Profile,
                            IdentityServerConstants.StandardScopes.OfflineAccess
                        }
                    },
                                //为昕科技 code模式
                //new Client
                //    {
                //        ClientId = "wxfamily",
                //        ClientName="WxinIdentityServer",
                //        ClientSecrets = { new Secret("secret".Sha256()) },

                //        AllowedGrantTypes = GrantTypes.Code,

                //        // where to redirect to after login  ---signin-oidc
                //        RedirectUris = { "http://localhost:5001/meidicallback/callback" },

                //        // where to redirect to after logout
                //        PostLogoutRedirectUris = { "https://localhost:5001/meidicallback/signout" },
                //        AllowOfflineAccess=true,
                //        RequirePkce=false,
                //        AllowedScopes = new List<string>
                //        {
                //            "wxinresource",
                //            "wxin.read","wxin.write",
                //            "wxin.add",
                //            IdentityServerConstants.StandardScopes.OpenId,
                //            IdentityServerConstants.StandardScopes.Profile,
                //            IdentityServerConstants.StandardScopes.OfflineAccess
                //        }
                //    },
            };
    }
}
